Posted: Fri Sep 05, 2025 9:40 Post subject: Multi-AP Guest wi-fi network on unmanaged switch
Hello everyone.
I have two routers connected via LAN to an unmanaged network switch. Both routers have DD-WRT firmware installed. Both routers are configured in "WAN connection type disabled" mode, meaning they both function as access points. Each router is configured to generate a private Wi-Fi network that works properly. My intention is to add a guest Wi-Fi network to this private Wi-Fi network, completely isolated from the private one. This means the guest network only has access to the Internet, but not to devices on the private LAN. I would like this guest Wi-Fi network to be distributed, meaning each router generates a network with the same SSID and security key, so that clients are completely transparent as to whether they connect to the first or second router. I would also like the Wi-Fi network to have a single dedicated DHCP server with a dedicated address range independent of the DHCP server already running for the private network.
The first router has an IP address 192.168.1.22 and firmware version DD-WRT v3.0-r58389 std (09/20/24).
The second router has an IP address 192.168.1.19 and firmware version DD-WRT v3.0-r61920 std (07/12/25).
Unfortunately, I can't set up a guest Wi-Fi network using the usual VLAN technique because the network switch between the two routers is not managed.
On the first router, I have already configured a VAP (Virtual Access Point) wl1.1 with the address 192.168.20.22 and the SSID "wi-fi_guest." On the same router, I have configured a DHCP server reachable at the same address, which assigns IP addresses in the range 192.168.20.100 to 192.168.20.150.
On the second router, I configured another VAP wlan0.1 with an IP address of 192.168.20.19 and a temporary SSID (just for testing) of "wi-fi_guest_2" (the two SSIDs will hopefully be the same). I enabled DHCP relay with the following command: "dhcp-relay=wlan0.1,192.168.20.22"
I also made sure (by adding a static route) that the second router can ping the DHCP server 192.168.20.22. However, if I connect to the guest Wi-Fi network generated by the first router, everything works fine and I can browse the internet. However, if I connect to the guest Wi-Fi network 2 generated by the second router, I can't acquire the IP address.
Joined: 18 Mar 2014 Posts: 13880 Location: Netherlands
Posted: Tue Sep 16, 2025 6:32 Post subject: Re: Multi-AP Guest wi-fi network on unmanaged switch
piffi wrote:
Unfortunately, I can't set up a guest Wi-Fi network using the usual VLAN technique because the network switch between the two routers is not managed.
There is your answer
Just set up a regular guest wifi on each AP; you can give the same SSID and password.
You might need to tweak power and low ack, but roaming will always be somewhat of a problem.
Thanks so much egc, finally someone answered my question!! Thank you so much.
This is what I've already done. The problem is that I want to share the DHCP server. My intention is to have a single DHCP server for all my guest Wi-Fi networks so that the client doesn't lose its IP address when switching from one access point to another.
I've already configured a DHCP server on the first access point and allowed the second to reach it. The problem is that when I connect to the guest wi-fi of the first access point everything works, but when I connect to the guest wi-fi of the second I can't get the IP address. Where am I going wrong?
Joined: 16 Nov 2015 Posts: 7087 Location: UK, London, just across the river..
Posted: Tue Sep 16, 2025 17:02 Post subject:
router with x4 LAN ports > one LAN port connected to a switch > then all clients from the switch must obtain IP from the router range...> if you plug an AP in each port on the switch then it should be fine...for the record all APs, if they are routers, must be in WAP mode... I use a similar network topology...just my router LAN port is on its own VLAN, on a bridge with its own subnet, so devices from the switch get their own IP etc. All works well...for the record I hate and don't have guest wifi networks; if I need a guest network then I will add another router in WAP mode (egc way)..but either will work
If you need a more sophisticated network topology then you may need a managed switch, VLAN capable, etc. Just bear in mind this will need some more fiddling and I'm not very sure if it will work as intended with the new DSA binaries...
_________________
Atheros
TP-Link WR1043NDv2 -DD-WRT 62606 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 -DD-WRT 63600 GTW/SmDNS/DoT,AD-Blk,Forced DNS,AP&Net Isolation,x2VLAN,Vanilla
Netgear R7800 --DD-WRT 62606 Gateway/DNSCryptv2,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla,VPN cli
Netgear R9000 --DD-WRT 62606 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 62606
Broadcom
Netgear R7000 --DD-WRT 63600 GTW/DNScrypt-proxy2/AD-Block,IPset Firewall,Forced DNS,x4VLAN,VPN cli
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Thanks everyone,
I'm lost. You mentioned EoIP Tunneling, and you said an unmanaged switch isn't able to communicate with two different subnets.
I thought I could solve everything with the DHCP relay feature. However, from my second router, I can ping the DHCP server running on my first router. I don't know if that's enough.
Thanks everyone
Joined: 13 Aug 2013 Posts: 7122 Location: Romerike, Norway
Posted: Wed Sep 17, 2025 7:11 Post subject:
Make a DHCP server in each site. The first one assigns addresses in the first half of the subnet and the second in the upper. That way no duplicates will occur. NAT to the upstream network.
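The per-AP layout suggested above, sketched as an added example (not posted by anyone in the thread): each AP serves its own half of 192.168.20.0/24, NATs guests onto the private LAN, and drops guest traffic aimed at the private LAN. The pool boundaries, the /24 private mask, the 12h lease and the `br0` LAN bridge name are assumptions; the functions only print the settings so they can be reviewed before being pasted into DD-WRT.

```shell
#!/bin/sh
# Added example: prints a dnsmasq snippet and firewall rules for one guest AP.
# Nothing is applied here; the output is meant for review, then for DD-WRT's
# "Additional Dnsmasq Options" and firewall script.

guest_dnsmasq() {
    # $1 = guest VAP interface, $2/$3 = first/last address of this AP's pool
    printf 'interface=%s\n' "$1"
    printf 'dhcp-range=%s,%s,255.255.255.0,12h\n' "$2" "$3"
}

guest_firewall() {
    # $1 = guest VAP interface, $2 = private LAN (CIDR), $3 = this AP's LAN IP
    # Every rule uses -I (insert at top), so later lines end up ABOVE earlier
    # ones: the DHCP/DNS ACCEPTs are evaluated before the INPUT DROP.
    cat <<EOF
iptables -t nat -I POSTROUTING -o br0 -s 192.168.20.0/24 -j SNAT --to-source $3
iptables -I FORWARD -i $1 -d $2 -j DROP
iptables -I INPUT -i $1 -m state --state NEW -j DROP
iptables -I INPUT -i $1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $1 -p tcp --dport 53 -j ACCEPT
EOF
}

print_ap() {
    # $1 = label, $2 = VAP, $3/$4 = pool, $5 = private LAN, $6 = AP LAN IP
    printf '# ---- %s ----\n' "$1"
    guest_dnsmasq "$2" "$3" "$4"
    guest_firewall "$2" "$5" "$6"
}

# Interfaces and LAN addresses are the ones given in the thread;
# the pool halves are constructed for this example.
print_ap "first AP"  wl1.1   192.168.20.32  192.168.20.127 192.168.1.0/24 192.168.1.22
print_ap "second AP" wlan0.1 192.168.20.128 192.168.20.254 192.168.1.0/24 192.168.1.19
```

Because each AP NATs its own guest segment, a client that moves between APs gets a new lease from the other half of the range.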
Thanks, Per Yngve Berg, but this is what I'd like to avoid. If the client connected to the guest Wi-Fi network changes its IP address, it could experience disconnection or connection stability issues. I'd like the client to seamlessly switch from one network to another.
Do you think these configurations are correct?
these are the startup commands on the first router (192.168.1.22):
No one bothered to go into the technical details of my configurations, only generic answers or solutions that I immediately asked to be avoided. From this, I deduce that either what I'm asking isn't feasible or there's no expert in advanced networking.
Thanks everyone anyway.
What you say is absolutely true: I have no expertise in advanced networking. That's why I posted on this forum to find someone who could help me fill in the gaps and teach me what I don't know. However, I have to say that so far I haven't found anyone willing to teach me anything or simply help me. I apologize, this isn't a criticism, but since the first post I've asked if it's possible to have a single DHCP server for my multi-AP Wi-Fi network and I've been told to configure two separate DHCP servers. From the second router I can ping the DHCP server running on the first router without any problems (even though it's on a different subnet), and I'm told that they've never seen an unmanaged switch capable of communicating with multiple subnets. The result is that I'm increasingly ignorant and increasingly confused. Can you go into the technical details and explain to me if my configurations are incorrect or if I'm on the wrong path? Can you give me some clues to look into? Thanks everyone.
Joined: 16 Nov 2015 Posts: 7087 Location: UK, London, just across the river..
Posted: Mon Sep 22, 2025 20:47 Post subject:
The task you want to accomplish is not possible due to the essence of the unmanaged switch...
I personally don't know what you really want to achieve...and your lack of knowing the matter drives you to fictional wishes...
In the network world there could be other ways to achieve certain goals...and you really don't need to complicate things, as they will not work as intended...switches, routers and hubs are simple devices, with very simple tasks to perform..learn the basics and this is the way..nobody here had knowledge poured into 'da' brain in one go... In order to learn the matter you need to find your own way...and moreover I also never heard about an unmanaged switch that communicates with different subnets...
In general, managed switches that are capable of VLAN tagging could communicate with different subnets that are tagged, but this requires a lot of fiddling and understanding...lots of YouTube videos on the subject..
In your case you already received a few valuable answers, moreover from real networking GURUS...and in this case, case is closed, no need to aggravate, that your wish will not happen...
Good Luck with your endeavor..